The file viewcode.asp is a default IIS files which can give a malicious user a lot of unnecessary information about your file system or source files. Specifically, viewcode.asp can allow a remote user to potentially read any file on a webserver hard drive. Example, http://target/pathto/viewcode.asp?source=../../../../../../autoexec.bat
If you do not need these files, then delete them, otherwise use suitable access control lists to ensure that the files are not world-readable.
- AOLServer Terminal Escape Sequence in Logs Command Injection Vulnerability
- Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
- Apache Tomcat Request Object Security Bypass Vulnerability (Win)
- Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities (Windows)
- CA ARCserver D2D GWT RPC Request Multiple Vulnerabilities